Sunday, January 31, 2016

Safely / securely send configuration information to front-end

I am a bit curious about the best way to send configuration information to the front-end - we have a web server serving up pages and an API server serving the JSON API - currently the URLs for the API server are just in an Angular service, basically hardcoded in a front-end JS file. Something slightly more "secure" would be to send the configuration as some sort of object with each request. But I get the feeling that most people would say this is just obfuscation and not really secure at all. What is the best way to do this? Maybe there's just no way to prevent someone from redirecting requests to some other server besides ours?

One way to sort of solve this would be to direct all traffic back to the web server which in turn makes requests to the API, but I am not sure if that's a great solution.



